Jl? ^ 1 . A\method of providing security against unauthorized access to internal resources of a 

<.r^0 V \ 

netwotic device comprising: 

r^eiving a digital signature at a security association manager (SAM); wherein said 

^ digital siMature includes an encryption code; 

5 said tBAM requesting a de-encryption code; 

said SaM de-encrypting said digital signature with said de-encryption code; 

said SAM authenticating said de-encrypted digital signature; and 

said SAM Requesting allowed operations associated with said authenticated signature. 

10 2. A method of providVg security according to Claim 1 wherein said network device 
comprises a Java enableii device. 
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3, A method of providing seturity according to Claim 1 wherein said encryption code 
comprises a private key and s^d de-encryption code comprises a public key certificate 
associated with said private key> 



4, A method of providing security according to Claim 1 further comprising: 

a certificate authority receiving said request for a de-encryption code and comparing 
information in said request to information stored in said certificate authority. 

5. A method of providing security according to Claim 4 further comprising: 

said certificate authority responding \o said request by sending said de-encryption 
code to said SAM. 



25 6. A method of providing security according to Olaim 1 further comprising: 

a policy server receiving said request for allowed operations associated with said 

authenticated signature; 

said policy server comparing said authenticated^signature with information stored on 

said policy server; and 

30 said policy server sending a response to said SAM ih^icating an access level 

corresponding to said authenticated signature. 
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7. A metho^pf providing security according to Claim 6 fiirther comprising: 

said pcilicy server authenticating said request for allowed operations associated with 
said authenticated signature prior to comparing said authenticated signature with said 
information stored on said policy server. 



8. Apparatus for pro^^iding security against imauthorized access to internal resources of a 
network device comprising: 

a security assoddation manager (SAM); configured to receive a digital signature 

including an encryption\code; 
1 0 wherein said S ANl is configured to send a message including a portion of said digital 

signature; wherein said message includes a request for an encryption decoder; 
□ wherein said SAM ia further configured to receive a response to said message; 

Q wherein said SAM is configured to send a digitally signed message requesting 

:=! allowed operations associated v^ith said digital signature in response to receiving said reply 
1=5 message. 

9. Apparatus for supplying security in accordance with Claim 8 further comprising: 

a certificate authority configured to receive said message from said SAM, and 
\J to send said reply; wherein saiq certificate authority includes 

m 

10. Apparatus for providing security acc\prding to Claim 8 wherein said network device 
comprises a Java enabled device. 

1 1 . Apparatus for providing security accordmg to Claim 8 wherein said encryption code 
25 comprises a private key and said encryption dJjcoder comprises a public key certificate 

associated with said private key. 

12. Apparatus for providing security according to\Claim 8 further comprising: 

a policy server configured to receive said reljuest for allowed operations associated 
30 with said authenticated signature; 
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said policy sender including a comparison device configured to compare said 
authenticated signature with information stored on said policy server; and 

said policy server being configured to send a response to said SAM indicating an 
access level corresponding to said authenticated signature. 
5 \ 

13. Apparatus for providing security against unauthorized access to intemal resources of a 
network device compmsing: 

means for recei^dng a digital signature including an encryption code; 

means for accessmg a de-encryption code in electrical communication with said 
1 0 means for receiving; and, 

means for determining allowed operations associated with said digital signature. 
^Zj \ 

14. Apparatus for providing ^curity according to Claim 13 wherein said network device 
comprises a Java enabled devic 

1| 

iij 15. Apparatus for providing security according to Claim 13 further comprising a 
~ downloadable file associated with said digital signature. 

s k 

%J 16. Apparatus for providiif^ecurity according to Claim 13 wherein said encryption code 
2S comprises a private key. 

.Apparatus for proviqing security according to Claim 1 3 wherein said de-encryption code 
prises a public key cWtificate. 

25 18. Apparatus for providin^security according to Claim 13 further comprising means for 

receiving a downloadable filiirg including said digital signal and assigning an access level to a 
Java thread. 
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